VLC Media Player and MPlayer contain critical vulnerability bugs

News
By
published

Make sure to update ASAP

VLC Media Player on a laptop

If you use the popular media players VLC or MPlayer, then you’ll want to make sure you have the most recent updates installed as soon as possible, as security researchers have identified a critical vulnerability that puts your PC at risk.

Cisco Talos Intelligence Group, the security research company, has found that there is a critical remote code execution vulnerability in the LIVE555 media streaming library, which is used by VLC, MPlayer and other popular media players.

According to the findings, this vulnerability is found in a flaw in the HTTP packet parsing functionality, which analyzes HTTP headers for RTSP tunneling over HTTP.

Lilith Wyatt, a researcher at the Cisco Talos Intelligence Group, explained in a blog post that “an exploitable code execution vulnerability exists in the HTTP packet-parsing functionality of the LIVE555 RTSP server library. A specially crafted packet can cause a stack-based buffer overflow, resulting in code execution. An attacker can send a packet to trigger this vulnerability.”

Get updating

If you have media playing software that uses the LIVE555 media streaming library, such as VLC, then you’ll want to make sure you update to the latest version, as an update has been released that addresses the issue.

The speed in which a fix has been found and released shows how worrying this vulnerability is, and how it put PCs in risk of a cyber attack from malicious users.

Although VLC is a very popular free media player, and often used as an alternative to Windows Media Player and other media playing tools included in Windows over the years, it’s also had its fair share of security problems.

As HackRead explains, critical security flaws have been found in the past, such as in version 2.0.5, while last year Kodi, VLC and Popcorn time were found to be vulnerable to hackers who could hijack computers via subtitle files.

Hopefully, this latest vulnerability is a wakeup call to VLC and other media players to make sure their products are completely secure, otherwise users may start looking elsewhere.

See more Computing News
Matt Hanson
Matt Hanson
Managing Editor, Core Tech

Matt is TechRadar's Managing Editor for Core Tech, looking after computing and mobile technology. Having written for a number of publications such as PC Plus, PC Format, T3 and Linux Format, there's no aspect of technology that Matt isn't passionate about, especially computing and PC gaming. He’s personally reviewed and used most of the laptops in our best laptops guide - and since joining TechRadar in 2014, he's reviewed over 250 laptops and computing accessories personally.

Latest in Computing
An Nvidia GeForce RTX 5070
Nvidia confirms that an RTX 5070 Founders Edition is coming... just not on launch day
Asus Prime OC RTX 5070 graphics card with three fans, shown at an angle
Asus reveals Nvidia RTX 5070 launch pricing, and while one model is at MSRP – thankfully – the others make me want to give up my search for a next-gen GPU
OpenAI CEO Sam Altman attends the artificial intelligence Revolution Forum. New York, US - 13 Jan 2023
Sam Altman tweets delay to ChatGPT-4.5 launch while also proposing a shocking new payment structure
Image of Radeon RX 9000 series GPUs
AMD RX 9070 could struggle to compete with Nvidia 50-series GPUs according to latest tech demo
Portrait of African-American teenage boy studying at home or in college dorm and using laptop, copy space
Windows 11’s Notepad gets AI-powered ‘Rewrite’ feature, but not everyone’s going to be happy about it
Quordle on a smartphone held in a hand
Quordle hints and answers for Thursday, March 6 (game #1137)
Latest in News
An Nvidia GeForce RTX 5070
Nvidia confirms that an RTX 5070 Founders Edition is coming... just not on launch day
Microsoft UK CEO Darren Hardman AI Tour London 2025
Microsoft - UK can help drive the global AI future, but only with the proper buy-in
Asus Prime OC RTX 5070 graphics card with three fans, shown at an angle
Asus reveals Nvidia RTX 5070 launch pricing, and while one model is at MSRP – thankfully – the others make me want to give up my search for a next-gen GPU
OpenAI CEO Sam Altman attends the artificial intelligence Revolution Forum. New York, US - 13 Jan 2023
Sam Altman tweets delay to ChatGPT-4.5 launch while also proposing a shocking new payment structure
Philips Hue lights being dimmed
Got Philips Hue lights? A free app update delivers these 3 improvements
Woman using iMessage on iPhone
Apple to take legal action against British Government over backdoor request
More about computing
NYT Strands homescreen on a mobile phone screen, on a light blue background

NYT Strands hints and answers for Thursday, March 6 (game #368)
OpenAI CEO Sam Altman attends the artificial intelligence Revolution Forum. New York, US - 13 Jan 2023

Sam Altman tweets delay to ChatGPT-4.5 launch while also proposing a shocking new payment structure
Red padlock open on electric circuits network dark red background

Aviaton firms hit by devious new polyglot malware
See more latest